As computer networks grow and the amount of data stored on the computers and databases interconnected by those networks grows, so do attempts to gain unauthorized access to these computers and databases. Such attempts may include methodical reconnaissance of potential victims to identify traffic patterns and existing defenses. One technique used to gain unauthorized access to computers and databases includes loading malicious software, or malware, onto a computer. Such malware is designed to disrupt computer operation, gather sensitive information, or grant access to unauthorized individuals.
As awareness of malware has increased, the techniques used by malware to avoid detection have grown more sophisticated. These sophisticated techniques include armoring techniques, such as encrypting or packing the malware so that it cannot be detected or analyzed. Further, the techniques used by sophisticated malware also include evasive techniques to detect antivirus products and analysis tools. Once the malware detects the use of these antivirus products or analysis tools, the malware remains armored to defeat analysis and classification by current security systems.
As a result, some security solutions may fail to detect sophisticated malware. The failure to detect malware on a computer or network can result in loss of high value data, downtime or destruction of infected computers and/or networks, lost productivity, and a high cost to recover and repair the infected computers and/or networks.